Latest Cyber Security News
Research analyzing 4,700 leading websites reveals that 64% of third-party applications now access sensitive data without business justification, up from 51% in 2024. Government sector malicious …
New Research: 64% of 3rd-Party Applications Access Sensitive Data Without JustificationRead More
Microsoft on Tuesday rolled out its first security update for 2026, addressing 114 security flaws, including one vulnerability that it said has been actively exploited in the wild. Of the 114 flaws, …
Microsoft Fixes 114 Windows Flaws in January 2026 Patch, One Actively ExploitedRead More
Node.js has released updates to fix what it described as a critical security issue impacting "virtually every production Node.js app" that, if successfully exploited, could trigger a denial-of-service …
Critical Node.js Vulnerability Can Cause Server Crashes via async_hooks Stack OverflowRead More
The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of new cyber attacks targeting its defense forces with malware known as PLUGGYAPE between October and December 2025. The …
PLUGGYAPE Malware Uses Signal and WhatsApp to Target Ukrainian Defense ForcesRead More
Cybersecurity researchers have discovered a major web skimming campaign that has been active since January 2022, targeting several major payment networks like American Express, Diners Club, Discover, …
Long-Running Web Skimming Campaign Steals Credit Cards From Online Checkout PagesRead More
Cybersecurity researchers have disclosed details of a malicious Google Chrome extension that's capable of stealing API keys associated with MEXC, a centralized cryptocurrency exchange (CEX) available …
Malicious Chrome Extension Steals MEXC API Keys by Masquerading as Trading ToolRead More
AI agents are no longer just writing code. They are executing it. Tools like Copilot, Claude Code, and Codex can now build, test, and deploy software end-to-end in minutes. That speed is reshaping …
[Webinar] Securing Agentic AI: From MCPs and Tool Access to Shadow API Key SprawlRead More
Cybersecurity researchers have disclosed details of a previously undocumented and feature-rich malware framework codenamed VoidLink that's specifically designed for long-term, stealthy access to …
New Advanced Linux VoidLink Malware Targets Cloud and container EnvironmentsRead More
Old Playbook, New Scale: While defenders are chasing trends, attackers are optimizing the basics The security industry loves talking about "new" threats. AI-powered attacks. Quantum-resistant …
What Should We Learn From How Attackers Leveraged AI in 2025?Read More
ServiceNow has disclosed details of a now-patched critical security flaw impacting its ServiceNow AI Platform that could enable an unauthenticated user to impersonate another user and perform …
ServiceNow Patches Critical AI Platform Flaw Allowing Unauthenticated User ImpersonationRead More
Cybersecurity researchers have disclosed details of a new campaign dubbed SHADOW#REACTOR that employs an evasive multi-stage attack chain to deliver a commercially available remote administration tool …
New Malware Campaign Delivers Remcos RAT Through Multi-Stage Windows AttackRead More
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of active exploitation of a high-severity security flaw impacting Gogs by adding it to its Known Exploited Vulnerabilities …
CISA Warns of Active Exploitation of Gogs Vulnerability Enabling Code ExecutionRead More
Threat actors have been observed uploading a set of eight packages on the npm registry that masqueraded as integrations targeting the n8n workflow automation platform to steal developers' OAuth …
n8n Supply Chain Attack Abuses Community Nodes to Steal OAuth TokensRead More
This week made one thing clear: small oversights can spiral fast. Tools meant to save time and reduce friction turned into easy entry points once basic safeguards were ignored. Attackers didn't need …
⚡ Weekly Recap: AI Automation Exploits, Telecom Espionage, Prompt Poaching & MoreRead More
A new wave of GoBruteforcer attacks has targeted databases of cryptocurrency and blockchain projects to co-opt them into a botnet that's capable of brute-forcing user passwords for services such as …
GoBruteforcer Botnet Targets Crypto Project Databases by Exploiting Weak CredentialsRead More
Anthropic has become the latest Artificial intelligence (AI) company to announce a new suite of features that allows users of its Claude platform to better understand their health information. Under …
Anthropic Launches Claude AI for Healthcare with Secure Health Record AccessRead More
Cybersecurity researchers have shed light on two service providers that supply online criminal networks with the necessary tools and infrastructure to fuel the pig butchering-as-a-service (PBaaS) …
Researchers Uncover Service Providers Fueling Industrial-Scale Pig Butchering FraudRead More
The Iranian threat actor known as MuddyWater has been attributed to a spear-phishing campaign targeting diplomatic, maritime, financial, and telecom entities in the Middle East with a Rust-based …
MuddyWater Launches RustyWater RAT via Spear-Phishing Across Middle East SectorsRead More
Europol on Friday announced the arrest of 34 individuals in Spain who are alleged to be part of an international criminal organization called Black Axe. As part of an operation conducted by the …
Europol Arrests 34 Black Axe Members in Spain Over €5.9M Fraud and Organized CrimeRead More
Chinese-speaking threat actors are suspected to have leveraged a compromised SonicWall VPN appliance as an initial access vector to deploy a VMware ESXi exploit that may have been developed as far …
China-Linked Hackers Exploit VMware ESXi Zero-Days to Escape Virtual MachinesRead More
![[webinar] securing agentic ai: from mcps and tool access to](https://thecybersecurity.news/data/2026/01/Webinar-Securing-Agentic-AI-From-MCPs-and-Tool-Access-to-150x150.jpg)
